Governance & Risk Management , Professional Certifications & Continuous Training , Security Awareness Programs & Computer-Based Training

Measure Aims to Help Small Businesses Build Cyberdefenses

Senate Commerce Panel OK's Bill Directing NIST to Create Guidance Tailored to Small Businesses
Measure Aims to Help Small Businesses Build Cyberdefenses
Sen. John Tune chairs the Senate Commerce, Science and Transportation Committee.

Legislation aimed to provide a set of tools, best practices and guidance to help small businesses protect their digital assets is heading to the U.S. Senate.

See Also: How to Leverage Hacking Competitions as an Educational and Recruitment Tool

The Senate Commerce, Science and Transportation Committee on April 5 approved the Main Street Cybersecurity Act, short for Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act.

"This legislation will help small businesses get the information they need to protect themselves and their customers from cyberattacks," Committee Chairman John Thune, R-S.D., said at the panel's markup session on the bill.

Guidance Tailored to Small Businesses

The bill would require the National Institute of Standards and Development to create cybersecurity guidance tailored to small business needs. Elements of the guidance would include simple, basic controls to assist small businesses to defend against common cybersecurity risks. Tools described in the guidance must be technology neutral and be commonly used, off-the-shelf commercial products.

In developing the guidance, the bill would require NIST to consider methods adopted through the Small Business Development Cyber Strategy. The strategy, enacted last year by Congress, aims to toughen small business cybersecurity through the dissemination of risk information and ways to enhance cybersecurity infrastructure.

Cyberattack Targets

Citing a 2012 study, one of the bill's sponsors, Republican Sen. James Risch of Idaho, says 71 percent of cyberattacks target businesses with fewer than 100 employees.

"Small businesses are the backbone of our economy, but unfortunately that's exactly what makes them a prime target for hackers," the bill's prime sponsor, Democratic Sen. Brian Schatz of Hawaii, said when introducing the legislation. "These cyberattacks not only leave American consumers exposed, they can be so harmful to businesses that recovering from an attack can often times force them out of business."

A number of business groups including the U.S. Chamber of Commerce and the National Small Business Association back the legislation. "By offering small businesses federal agencies' resources and coordinated support, they can better manage risks, protect customer privacy, and focus on growing their ventures," says Andy Halataei, senior vice president for government affairs at the Information Technology Industry Council, a trade group.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.